ReactOS 0.4.15-dev-7998-gdb93cb1
Classes | Macros | Typedefs | Functions | Variables
eventlog.h File Reference
#include <stdarg.h>
#include <windef.h>
#include <winbase.h>
#include <ndk/rtlfuncs.h>
#include <ndk/obfuncs.h>
#include <evtlib.h>
#include <eventlogrpc_s.h>
#include <strsafe.h>
Include dependency graph for eventlog.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  _LOGFILE
 
struct  _EVENTSOURCE
 
struct  _LOGHANDLE
 

Macros

#define WIN32_NO_STATUS
 
#define NTOS_MODE_USER
 
#define ROUND_DOWN(n, align)   (((ULONG)n) & ~((align) - 1l))
 
#define ROUND_UP(n, align)   ROUND_DOWN(((ULONG)n) + (align) - 1, (align))
 
#define LOG_HANDLE_BACKUP_FILE   1
 

Typedefs

typedef struct _LOGFILE LOGFILE
 
typedef struct _LOGFILEPLOGFILE
 
typedef struct _EVENTSOURCE EVENTSOURCE
 
typedef struct _EVENTSOURCEPEVENTSOURCE
 
typedef struct _LOGHANDLE LOGHANDLE
 
typedef struct _LOGHANDLEPLOGHANDLE
 

Functions

VOID PRINT_RECORD (PEVENTLOGRECORD pRec)
 
VOID InitEventSourceList (VOID)
 
BOOL LoadEventSources (HKEY hKey, PLOGFILE pLogFile)
 
PEVENTSOURCE GetEventSourceByName (LPCWSTR Name)
 
VOID LogfListInitialize (VOID)
 
DWORD LogfListItemCount (VOID)
 
PLOGFILE LogfListItemByIndex (DWORD Index)
 
PLOGFILE LogfListItemByName (LPCWSTR Name)
 
NTSTATUS LogfCreate (PLOGFILE *LogFile, PCWSTR LogName, PUNICODE_STRING FileName, ULONG MaxSize, ULONG Retention, BOOLEAN Permanent, BOOLEAN Backup)
 
VOID LogfClose (PLOGFILE LogFile, BOOLEAN ForceClose)
 
VOID LogfCloseAll (VOID)
 
NTSTATUS LogfClearFile (PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
 
NTSTATUS LogfBackupFile (PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
 
NTSTATUS LogfReadEvents (PLOGFILE LogFile, ULONG Flags, PULONG RecordNumber, ULONG BufSize, PBYTE Buffer, PULONG BytesRead, PULONG BytesNeeded, BOOLEAN Ansi)
 
NTSTATUS LogfWriteRecord (PLOGFILE LogFile, PEVENTLOGRECORD Record, SIZE_T BufSize)
 
PEVENTLOGRECORD LogfAllocAndBuildNewRecord (PSIZE_T pRecSize, ULONG Time, USHORT wType, USHORT wCategory, ULONG dwEventId, PUNICODE_STRING SourceName, PUNICODE_STRING ComputerName, ULONG dwSidLength, PSID pUserSid, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
 
static __inline void LogfFreeRecord (PEVENTLOGRECORD Record)
 
VOID LogfReportEvent (USHORT wType, USHORT wCategory, ULONG dwEventId, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
 
NTSTATUS WINAPI PortThreadRoutine (PVOID Param)
 
NTSTATUS InitLogPort (VOID)
 
NTSTATUS ProcessPortMessage (VOID)
 
DWORD WINAPI RpcThreadRoutine (LPVOID lpParameter)
 

Variables

PEVENTSOURCE EventLogSource
 

Macro Definition Documentation

◆ LOG_HANDLE_BACKUP_FILE

#define LOG_HANDLE_BACKUP_FILE   1

Definition at line 53 of file eventlog.h.

◆ NTOS_MODE_USER

#define NTOS_MODE_USER

Definition at line 19 of file eventlog.h.

◆ ROUND_DOWN

#define ROUND_DOWN (   n,
  align 
)    (((ULONG)n) & ~((align) - 1l))

Definition at line 23 of file eventlog.h.

◆ ROUND_UP

#define ROUND_UP (   n,
  align 
)    ROUND_DOWN(((ULONG)n) + (align) - 1, (align))

Definition at line 24 of file eventlog.h.

◆ WIN32_NO_STATUS

#define WIN32_NO_STATUS

Definition at line 15 of file eventlog.h.

Typedef Documentation

◆ EVENTSOURCE

typedef struct _EVENTSOURCE EVENTSOURCE

◆ LOGFILE

typedef struct _LOGFILE LOGFILE

◆ LOGHANDLE

typedef struct _LOGHANDLE LOGHANDLE

◆ PEVENTSOURCE

typedef struct _EVENTSOURCE * PEVENTSOURCE

◆ PLOGFILE

typedef struct _LOGFILE * PLOGFILE

◆ PLOGHANDLE

typedef struct _LOGHANDLE * PLOGHANDLE

Function Documentation

◆ GetEventSourceByName()

PEVENTSOURCE GetEventSourceByName ( LPCWSTR  Name)

Definition at line 202 of file eventsource.c.

203{
204 PLIST_ENTRY CurrentEntry;
205 PEVENTSOURCE Item, Result = NULL;
206
207 DPRINT("GetEventSourceByName(%S)\n", Name);
208 EnterCriticalSection(&EventSourceListCs);
209
210 CurrentEntry = EventSourceListHead.Flink;
211 while (CurrentEntry != &EventSourceListHead)
212 {
213 Item = CONTAINING_RECORD(CurrentEntry,
214 EVENTSOURCE,
215 EventSourceListEntry);
216
217 DPRINT("Item->szName: %S\n", Item->szName);
218// if ((*(Item->szName) != 0) && !_wcsicmp(Item->szName, Name))
219 if (_wcsicmp(Item->szName, Name) == 0)
220 {
221 DPRINT("Found it\n");
222 Result = Item;
223 break;
224 }
225
226 CurrentEntry = CurrentEntry->Flink;
227 }
228
229 LeaveCriticalSection(&EventSourceListCs);
230
231 DPRINT("Done (Result: %p)\n", Result);
232
233 return Result;
234}
NULL
#define NULL
Definition: types.h:112
EventSourceListHead
static LIST_ENTRY EventSourceListHead
Definition: eventsource.c:16
EventSourceListCs
static CRITICAL_SECTION EventSourceListCs
Definition: eventsource.c:17
_wcsicmp
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
DPRINT
#define DPRINT
Definition: sndvol32.h:71
NameRec_
Definition: apinames.c:49
_EVENTSOURCE
Definition: eventlog.h:45
_LIST_ENTRY
Definition: typedefs.h:120
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
CONTAINING_RECORD
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260
Item
_In_ WDFCOLLECTION _In_ WDFOBJECT Item
Definition: wdfcollection.h:153
LeaveCriticalSection
void WINAPI LeaveCriticalSection(LPCRITICAL_SECTION)
EnterCriticalSection
void WINAPI EnterCriticalSection(LPCRITICAL_SECTION)
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409

Referenced by ElfCreateEventLogHandle(), and wmain().

◆ InitEventSourceList()

VOID InitEventSourceList ( VOID  )

Definition at line 22 of file eventsource.c.

23{
24 InitializeCriticalSection(&EventSourceListCs);
25 InitializeListHead(&EventSourceListHead);
26}
InitializeListHead
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
InitializeCriticalSection
VOID WINAPI InitializeCriticalSection(OUT LPCRITICAL_SECTION lpCriticalSection)
Definition: synch.c:751

Referenced by wmain().

◆ InitLogPort()

NTSTATUS InitLogPort ( VOID  )

Definition at line 47 of file logport.c.

48{
49 NTSTATUS Status;
50 UNICODE_STRING PortName = RTL_CONSTANT_STRING(ELF_PORT_NAME);
51 OBJECT_ATTRIBUTES ObjectAttributes;
52 PORT_MESSAGE Request;
53
54 ConnectPortHandle = NULL;
55 MessagePortHandle = NULL;
56
57 InitializeObjectAttributes(&ObjectAttributes, &PortName, 0, NULL, NULL);
58
59 Status = NtCreatePort(&ConnectPortHandle,
60 &ObjectAttributes,
61 0,
62 PORT_MAXIMUM_MESSAGE_LENGTH, // IO_ERROR_LOG_MESSAGE_LENGTH,
63 2 * PAGE_SIZE);
64 if (!NT_SUCCESS(Status))
65 {
66 DPRINT1("NtCreatePort() failed (Status %lx)\n", Status);
67 goto ByeBye;
68 }
69
70 Status = NtListenPort(ConnectPortHandle, &Request);
71 if (!NT_SUCCESS(Status))
72 {
73 DPRINT1("NtListenPort() failed (Status %lx)\n", Status);
74 goto ByeBye;
75 }
76
77 Status = NtAcceptConnectPort(&MessagePortHandle, ConnectPortHandle,
78 &Request, TRUE, NULL, NULL);
79 if (!NT_SUCCESS(Status))
80 {
81 DPRINT1("NtAcceptConnectPort() failed (Status %lx)\n", Status);
82 goto ByeBye;
83 }
84
85 Status = NtCompleteConnectPort(MessagePortHandle);
86 if (!NT_SUCCESS(Status))
87 {
88 DPRINT1("NtCompleteConnectPort() failed (Status %lx)\n", Status);
89 goto ByeBye;
90 }
91
92ByeBye:
93 if (!NT_SUCCESS(Status))
94 {
95 if (ConnectPortHandle != NULL)
96 NtClose(ConnectPortHandle);
97
98 if (MessagePortHandle != NULL)
99 NtClose(MessagePortHandle);
100 }
101 return Status;
102}
PortName
static UNICODE_STRING PortName
Definition: NtAcceptConnectPort.c:26
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
DPRINT1
#define DPRINT1
Definition: precomp.h:8
NtAcceptConnectPort
NTSTATUS NTAPI NtAcceptConnectPort(OUT PHANDLE PortHandle, IN PVOID PortContext OPTIONAL, IN PPORT_MESSAGE ReplyMessage, IN BOOLEAN AcceptConnection, IN OUT PPORT_VIEW ServerView OPTIONAL, OUT PREMOTE_PORT_VIEW ClientView OPTIONAL)
Definition: complete.c:40
NtCompleteConnectPort
NTSTATUS NTAPI NtCompleteConnectPort(IN HANDLE PortHandle)
Definition: complete.c:423
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
TRUE
#define TRUE
Definition: types.h:120
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
PAGE_SIZE
#define PAGE_SIZE
Definition: env_spec_w32.h:49
Status
Status
Definition: gdiplustypes.h:25
ELF_PORT_NAME
#define ELF_PORT_NAME
Definition: iolog.h:15
ConnectPortHandle
static HANDLE ConnectPortHandle
Definition: logport.c:21
MessagePortHandle
static HANDLE MessagePortHandle
Definition: logport.c:22
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
NtCreatePort
NTSTATUS NTAPI NtCreatePort(OUT PHANDLE PortHandle, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG MaxConnectInfoLength, IN ULONG MaxDataLength, IN ULONG MaxPoolUsage)
Definition: create.c:222
NtListenPort
NTSTATUS NTAPI NtListenPort(IN HANDLE PortHandle, OUT PPORT_MESSAGE ConnectMessage)
Definition: listen.c:22
_OBJECT_ATTRIBUTES
Definition: umtypes.h:182
_PORT_MESSAGE_HEADER
Definition: winternl.h:1746
_UNICODE_STRING
Definition: env_spec_w32.h:368
RTL_CONSTANT_STRING
#define RTL_CONSTANT_STRING(s)
Definition: tunneltest.c:14
Request
_In_ WDFREQUEST Request
Definition: wdfdevice.h:547
PORT_MAXIMUM_MESSAGE_LENGTH
#define PORT_MAXIMUM_MESSAGE_LENGTH
Definition: iotypes.h:2029

Referenced by PortThreadRoutine().

◆ LoadEventSources()

BOOL LoadEventSources ( HKEY  hKey,
PLOGFILE  pLogFile 
)

Definition at line 82 of file eventsource.c.

84{
85 BOOL Success;
86 DWORD dwNumSubKeys, dwMaxSubKeyLength;
87 DWORD dwEventSourceNameLength, MaxValueLen;
88 DWORD dwIndex;
89 PWSTR Buf = NULL, SourceList = NULL, Source = NULL;
90 size_t cchRemaining = 0;
91 LONG Result;
92
93 DPRINT("LoadEventSources\n");
94
95 Result = RegQueryInfoKeyW(hKey, NULL, NULL, NULL, &dwNumSubKeys, &dwMaxSubKeyLength,
96 NULL, NULL, NULL, NULL, NULL, NULL);
97 if (Result != ERROR_SUCCESS)
98 {
99 DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result);
100 return FALSE;
101 }
102
103 dwMaxSubKeyLength++;
104
105 Buf = HeapAlloc(GetProcessHeap(), 0, dwMaxSubKeyLength * sizeof(WCHAR));
106 if (!Buf)
107 {
108 DPRINT1("Error: cannot allocate heap!\n");
109 return FALSE;
110 }
111
112 /*
113 * Allocate a buffer for storing the names of the sources as a REG_MULTI_SZ
114 * in the registry. Also add the event log as its own source.
115 * Add a final NULL-terminator.
116 */
117 MaxValueLen = dwNumSubKeys * dwMaxSubKeyLength + wcslen(pLogFile->LogName) + 2;
118 SourceList = HeapAlloc(GetProcessHeap(), 0, MaxValueLen * sizeof(WCHAR));
119 if (!SourceList)
120 {
121 DPRINT1("Error: cannot allocate heap!\n");
122 /* It is not dramatic if we cannot create it */
123 }
124 else
125 {
126 cchRemaining = MaxValueLen;
127 Source = SourceList;
128 }
129
130 /*
131 * Enumerate all the subkeys of the event log key, that constitute
132 * all the possible event sources for this event log. At this point,
133 * skip the possible existing source having the same name as the
134 * event log, it will be added later on.
135 */
136 dwEventSourceNameLength = dwMaxSubKeyLength;
137 dwIndex = 0;
138 while (RegEnumKeyExW(hKey,
139 dwIndex,
140 Buf,
141 &dwEventSourceNameLength,
142 NULL, NULL, NULL, NULL) == ERROR_SUCCESS)
143 {
144 if (_wcsicmp(pLogFile->LogName, Buf) != 0)
145 {
146 DPRINT("Event Source: %S\n", Buf);
147 Success = AddNewEventSource(pLogFile, Buf);
148 if (Success && (Source != NULL))
149 {
150 /* Append the event source name and an extra NULL-terminator */
151 StringCchCopyExW(Source, cchRemaining, Buf, &Source, &cchRemaining, 0);
152 if (cchRemaining > 0)
153 {
154 *++Source = L'\0';
155 cchRemaining--;
156 }
157 }
158 }
159
160 dwEventSourceNameLength = dwMaxSubKeyLength;
161 dwIndex++;
162 }
163
164 /* Finally, allow the event log itself to be its own source */
165 DPRINT("Event Source: %S\n", pLogFile->LogName);
166 Success = AddNewEventSource(pLogFile, pLogFile->LogName);
167 if (Success && (Source != NULL))
168 {
169 /* Append the event source name and an extra NULL-terminator */
170 StringCchCopyExW(Source, cchRemaining, pLogFile->LogName, &Source, &cchRemaining, 0);
171 if (cchRemaining > 0)
172 {
173 *++Source = L'\0';
174 cchRemaining--;
175 }
176 }
177
178 /* Save the list of sources in the registry */
179 Result = RegSetValueExW(hKey,
180 L"Sources",
181 0,
182 REG_MULTI_SZ,
183 (LPBYTE)SourceList,
184 (MaxValueLen - cchRemaining + 1) * sizeof(WCHAR));
185 if (Result != ERROR_SUCCESS)
186 {
187 DPRINT1("RegSetValueExW failed: %lu\n", Result);
188 }
189
190 if (SourceList)
191 HeapFree(GetProcessHeap(), 0, SourceList);
192
193 HeapFree(GetProcessHeap(), 0, Buf);
194
195 DumpEventSourceList();
196
197 return TRUE;
198}
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
FALSE
#define FALSE
Definition: types.h:117
RegEnumKeyExW
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
Definition: reg.c:2504
RegSetValueExW
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
Definition: reg.c:4882
RegQueryInfoKeyW
LONG WINAPI RegQueryInfoKeyW(HKEY hKey, LPWSTR lpClass, LPDWORD lpcClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcMaxSubKeyLen, LPDWORD lpcMaxClassLen, LPDWORD lpcValues, LPDWORD lpcMaxValueNameLen, LPDWORD lpcMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
Definition: reg.c:3662
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:736
HeapAlloc
#define HeapAlloc
Definition: compat.h:733
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:735
Success
@ Success
Definition: eventcreate.c:712
DumpEventSourceList
static VOID DumpEventSourceList(VOID)
Definition: eventsource.c:30
AddNewEventSource
static BOOL AddNewEventSource(PLOGFILE pLogFile, PWSTR lpSourceName)
Definition: eventsource.c:57
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
hKey
FxAutoRegKey hKey
Definition: fxdriverapikm.cpp:59
wcslen
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
Source
_In_ UINT _In_ UINT _In_ PNDIS_PACKET Source
Definition: ndis.h:3169
REG_MULTI_SZ
#define REG_MULTI_SZ
Definition: nt_native.h:1501
L
#define L(x)
Definition: ntvdm.h:50
LONG
long LONG
Definition: pedump.c:60
StringCchCopyExW
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
_LOGFILE::LogName
WCHAR * LogName
Definition: eventlog.h:38
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
LPBYTE
unsigned char * LPBYTE
Definition: typedefs.h:53
SourceList
_In_ IN_ADDR _In_ IN_ADDR _Out_ MULTICAST_MODE_TYPE _Inout_ ULONG _Out_writes_ SourceCount IN_ADDR * SourceList
Definition: ws2tcpip.h:622
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by LoadLogFiles().

◆ LogfAllocAndBuildNewRecord()

PEVENTLOGRECORD LogfAllocAndBuildNewRecord ( PSIZE_T  pRecSize,
ULONG  Time,
USHORT  wType,
USHORT  wCategory,
ULONG  dwEventId,
PUNICODE_STRING  SourceName,
PUNICODE_STRING  ComputerName,
ULONG  dwSidLength,
PSID  pUserSid,
USHORT  wNumStrings,
PWSTR  pStrings,
ULONG  dwDataSize,
PVOID  pRawData 
)

Definition at line 896 of file file.c.

909{
910 SIZE_T RecSize;
911 SIZE_T SourceNameSize, ComputerNameSize, StringLen;
912 PBYTE Buffer;
913 PEVENTLOGRECORD pRec;
914 PWSTR str;
915 UINT i, pos;
916
917 SourceNameSize = (SourceName && SourceName->Buffer) ? SourceName->Length : 0;
918 ComputerNameSize = (ComputerName && ComputerName->Buffer) ? ComputerName->Length : 0;
919
920 RecSize = sizeof(EVENTLOGRECORD) + /* Add the sizes of the strings, NULL-terminated */
921 SourceNameSize + ComputerNameSize + 2*sizeof(UNICODE_NULL);
922
923 /* Align on DWORD boundary for the SID */
924 RecSize = ROUND_UP(RecSize, sizeof(ULONG));
925
926 RecSize += dwSidLength;
927
928 /* Add the sizes for the strings array */
929 ASSERT((pStrings == NULL && wNumStrings == 0) ||
930 (pStrings != NULL && wNumStrings >= 0));
931 for (i = 0, str = pStrings; i < wNumStrings; i++)
932 {
933 StringLen = wcslen(str) + 1; // str must be != NULL
934 RecSize += StringLen * sizeof(WCHAR);
935 str += StringLen;
936 }
937
938 /* Add the data size */
939 RecSize += dwDataSize;
940
941 /* Align on DWORD boundary for the full structure */
942 RecSize = ROUND_UP(RecSize, sizeof(ULONG));
943
944 /* Size of the trailing 'Length' member */
945 RecSize += sizeof(ULONG);
946
947 Buffer = RtlAllocateHeap(GetProcessHeap(), HEAP_ZERO_MEMORY, RecSize);
948 if (!Buffer)
949 {
950 DPRINT1("Cannot allocate heap!\n");
951 return NULL;
952 }
953
954 pRec = (PEVENTLOGRECORD)Buffer;
955 pRec->Length = RecSize;
956 pRec->Reserved = LOGFILE_SIGNATURE;
957
958 /*
959 * Do not assign here any precomputed record number to the event record.
960 * The true record number will be assigned atomically and sequentially in
961 * LogfWriteRecord, so that all the event records will have consistent and
962 * unique record numbers.
963 */
964 pRec->RecordNumber = 0;
965
966 /*
967 * Set the generated time, and temporarily set the written time
968 * with the generated time.
969 */
970 pRec->TimeGenerated = Time;
971 pRec->TimeWritten = Time;
972
973 pRec->EventID = dwEventId;
974 pRec->EventType = wType;
975 pRec->EventCategory = wCategory;
976
977 pos = sizeof(EVENTLOGRECORD);
978
979 /* NOTE: Equivalents of RtlStringCbCopyUnicodeString calls */
980 if (SourceNameSize)
981 {
982 StringCbCopyNW((PWSTR)(Buffer + pos), SourceNameSize + sizeof(UNICODE_NULL),
983 SourceName->Buffer, SourceNameSize);
984 }
985 pos += SourceNameSize + sizeof(UNICODE_NULL);
986 if (ComputerNameSize)
987 {
988 StringCbCopyNW((PWSTR)(Buffer + pos), ComputerNameSize + sizeof(UNICODE_NULL),
989 ComputerName->Buffer, ComputerNameSize);
990 }
991 pos += ComputerNameSize + sizeof(UNICODE_NULL);
992
993 /* Align on DWORD boundary for the SID */
994 pos = ROUND_UP(pos, sizeof(ULONG));
995
996 pRec->UserSidLength = 0;
997 pRec->UserSidOffset = 0;
998 if (dwSidLength)
999 {
1000 RtlCopyMemory(Buffer + pos, pUserSid, dwSidLength);
1001 pRec->UserSidLength = dwSidLength;
1002 pRec->UserSidOffset = pos;
1003 pos += dwSidLength;
1004 }
1005
1006 pRec->StringOffset = pos;
1007 for (i = 0, str = pStrings; i < wNumStrings; i++)
1008 {
1009 StringLen = wcslen(str) + 1; // str must be != NULL
1010 StringCchCopyW((PWSTR)(Buffer + pos), StringLen, str);
1011 str += StringLen;
1012 pos += StringLen * sizeof(WCHAR);
1013 }
1014 pRec->NumStrings = wNumStrings;
1015
1016 pRec->DataLength = 0;
1017 pRec->DataOffset = 0;
1018 if (dwDataSize)
1019 {
1020 RtlCopyMemory(Buffer + pos, pRawData, dwDataSize);
1021 pRec->DataLength = dwDataSize;
1022 pRec->DataOffset = pos;
1023 pos += dwDataSize;
1024 }
1025
1026 /* Align on DWORD boundary for the full structure */
1027 pos = ROUND_UP(pos, sizeof(ULONG));
1028
1029 /* Initialize the trailing 'Length' member */
1030 *((PDWORD)(Buffer + pos)) = RecSize;
1031
1032 *pRecSize = RecSize;
1033 return pRec;
1034}
SourceName
WCHAR SourceName[256]
Definition: arping.c:28
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:590
Buffer
Definition: bufpool.h:45
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
ROUND_UP
#define ROUND_UP(n, align)
Definition: eventvwr.h:34
LOGFILE_SIGNATURE
#define LOGFILE_SIGNATURE
Definition: evtlib.h:43
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
ASSERT
#define ASSERT(a)
Definition: mode.c:44
Time
static PLARGE_INTEGER Time
Definition: time.c:105
UINT
unsigned int UINT
Definition: ndis.h:50
UNICODE_NULL
#define UNICODE_NULL
PBYTE
BYTE * PBYTE
Definition: pedump.c:66
PDWORD
DWORD * PDWORD
Definition: pedump.c:68
str
const WCHAR * str
Definition: rpc_transport.c:2724
StringCbCopyNW
STRSAFEAPI StringCbCopyNW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc, size_t cbToCopy)
Definition: strsafe.h:255
StringCchCopyW
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
_EVENTLOGRECORD
Definition: winnt_old.h:2840
_EVENTLOGRECORD::DataOffset
DWORD DataOffset
Definition: winnt_old.h:2856
_EVENTLOGRECORD::NumStrings
WORD NumStrings
Definition: winnt_old.h:2848
_EVENTLOGRECORD::EventType
WORD EventType
Definition: winnt_old.h:2847
_EVENTLOGRECORD::StringOffset
DWORD StringOffset
Definition: winnt_old.h:2852
_EVENTLOGRECORD::DataLength
DWORD DataLength
Definition: winnt_old.h:2855
_EVENTLOGRECORD::TimeGenerated
DWORD TimeGenerated
Definition: winnt_old.h:2844
_EVENTLOGRECORD::Reserved
DWORD Reserved
Definition: winnt_old.h:2842
_EVENTLOGRECORD::TimeWritten
DWORD TimeWritten
Definition: winnt_old.h:2845
_EVENTLOGRECORD::EventID
DWORD EventID
Definition: winnt_old.h:2846
_EVENTLOGRECORD::EventCategory
WORD EventCategory
Definition: winnt_old.h:2849
_EVENTLOGRECORD::RecordNumber
DWORD RecordNumber
Definition: winnt_old.h:2843
_EVENTLOGRECORD::UserSidOffset
DWORD UserSidOffset
Definition: winnt_old.h:2854
_EVENTLOGRECORD::Length
DWORD Length
Definition: winnt_old.h:2841
_EVENTLOGRECORD::UserSidLength
DWORD UserSidLength
Definition: winnt_old.h:2853
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
ULONG
uint32_t ULONG
Definition: typedefs.h:59
EVENTLOGRECORD
struct _EVENTLOGRECORD EVENTLOGRECORD
PEVENTLOGRECORD
struct _EVENTLOGRECORD * PEVENTLOGRECORD

Referenced by ElfrIntReportEventW(), LogfReportEvent(), and ProcessPortMessage().

◆ LogfBackupFile()

NTSTATUS LogfBackupFile ( PLOGFILE  LogFile,
PUNICODE_STRING  BackupFileName 
)

Definition at line 499 of file file.c.

501{
502 NTSTATUS Status;
503 LOGFILE BackupLogFile;
504 OBJECT_ATTRIBUTES ObjectAttributes;
505 IO_STATUS_BLOCK IoStatusBlock;
506
507 DPRINT("LogfBackupFile(%p, %wZ)\n", LogFile, BackupFileName);
508
509 /* Lock the log file shared */
510 RtlAcquireResourceShared(&LogFile->Lock, TRUE);
511
512 InitializeObjectAttributes(&ObjectAttributes,
513 BackupFileName,
514 OBJ_CASE_INSENSITIVE,
515 NULL,
516 NULL);
517
518 Status = NtCreateFile(&BackupLogFile.FileHandle,
519 GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE,
520 &ObjectAttributes,
521 &IoStatusBlock,
522 NULL,
523 FILE_ATTRIBUTE_NORMAL,
524 FILE_SHARE_READ,
525 FILE_CREATE,
526 FILE_WRITE_THROUGH | FILE_SYNCHRONOUS_IO_NONALERT,
527 NULL,
528 0);
529 if (!NT_SUCCESS(Status))
530 {
531 DPRINT("Cannot create backup file `%wZ' (Status 0x%08lx)\n", BackupFileName, Status);
532 goto Quit;
533 }
534
535 Status = ElfBackupFile(&LogFile->LogFile,
536 &BackupLogFile.LogFile);
537
538Quit:
539 /* Close the backup file */
540 if (BackupLogFile.FileHandle != NULL)
541 NtClose(BackupLogFile.FileHandle);
542
543 /* Unlock the log file */
544 RtlReleaseResource(&LogFile->Lock);
545
546 return Status;
547}
GENERIC_READ
#define GENERIC_READ
Definition: compat.h:135
FILE_ATTRIBUTE_NORMAL
#define FILE_ATTRIBUTE_NORMAL
Definition: compat.h:137
FILE_SHARE_READ
#define FILE_SHARE_READ
Definition: compat.h:136
ElfBackupFile
NTSTATUS NTAPI ElfBackupFile(IN PEVTLOGFILE LogFile, IN PEVTLOGFILE BackupLogFile)
Definition: evtlib.c:979
FILE_CREATE
#define FILE_CREATE
Definition: from_kernel.h:55
FILE_SYNCHRONOUS_IO_NONALERT
#define FILE_SYNCHRONOUS_IO_NONALERT
Definition: from_kernel.h:31
FILE_WRITE_THROUGH
#define FILE_WRITE_THROUGH
Definition: from_kernel.h:26
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
IoStatusBlock
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
RtlAcquireResourceShared
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceShared(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
RtlReleaseResource
NTSYSAPI VOID NTAPI RtlReleaseResource(_In_ PRTL_RESOURCE Resource)
SYNCHRONIZE
#define SYNCHRONIZE
Definition: nt_native.h:61
NtCreateFile
NTSTATUS NTAPI NtCreateFile(OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength)
GENERIC_WRITE
#define GENERIC_WRITE
Definition: nt_native.h:90
_IO_STATUS_BLOCK
Definition: env_spec_w32.h:870
_LOGFILE
Definition: eventlog.h:35
_LOGFILE::Lock
RTL_RESOURCE Lock
Definition: eventlog.h:39
_LOGFILE::LogFile
EVTLOGFILE LogFile
Definition: eventlog.h:36
_LOGFILE::FileHandle
HANDLE FileHandle
Definition: eventlog.h:37

Referenced by ElfrBackupELFW(), and LogfClearFile().

◆ LogfClearFile()

NTSTATUS LogfClearFile ( PLOGFILE  LogFile,
PUNICODE_STRING  BackupFileName 
)

Definition at line 467 of file file.c.

469{
470 NTSTATUS Status;
471
472 /* Lock the log file exclusive */
473 RtlAcquireResourceExclusive(&LogFile->Lock, TRUE);
474
475 if (BackupFileName->Length > 0)
476 {
477 /* Write a backup file */
478 Status = LogfBackupFile(LogFile, BackupFileName);
479 if (!NT_SUCCESS(Status))
480 {
481 DPRINT1("LogfBackupFile failed (Status 0x%08lx)\n", Status);
482 goto Quit;
483 }
484 }
485
486 Status = ElfReCreateFile(&LogFile->LogFile);
487 if (!NT_SUCCESS(Status))
488 {
489 DPRINT1("LogfInitializeNew failed (Status 0x%08lx)\n", Status);
490 }
491
492Quit:
493 /* Unlock the log file */
494 RtlReleaseResource(&LogFile->Lock);
495 return Status;
496}
LogfBackupFile
NTSTATUS LogfBackupFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
Definition: file.c:499
ElfReCreateFile
NTSTATUS NTAPI ElfReCreateFile(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:966
RtlAcquireResourceExclusive
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceExclusive(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)

Referenced by ElfrClearELFW().

◆ LogfClose()

VOID LogfClose ( PLOGFILE  LogFile,
BOOLEAN  ForceClose 
)

Definition at line 428 of file file.c.

430{
431 if (LogFile == NULL)
432 return;
433
434 if (!ForceClose && LogFile->Permanent)
435 return;
436
437 RtlAcquireResourceExclusive(&LogFile->Lock, TRUE);
438
439 LogfListRemoveItem(LogFile);
440
441 ElfCloseFile(&LogFile->LogFile);
442 NtClose(LogFile->FileHandle);
443 LogfpFree(LogFile->LogName, 0, 0);
444
445 RtlDeleteResource(&LogFile->Lock);
446
447 LogfpFree(LogFile, 0, TAG_ELF);
448
449 return;
450}
LogfListRemoveItem
static VOID LogfListRemoveItem(PLOGFILE Item)
Definition: file.c:145
LogfpFree
static VOID NTAPI LogfpFree(IN PVOID Ptr, IN ULONG Flags, IN ULONG Tag)
Definition: file.c:169
ElfCloseFile
VOID NTAPI ElfCloseFile(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1179
TAG_ELF
#define TAG_ELF
Definition: evtlib.h:151
RtlDeleteResource
NTSYSAPI VOID NTAPI RtlDeleteResource(_In_ PRTL_RESOURCE Resource)
_LOGFILE::Permanent
BOOL Permanent
Definition: eventlog.h:40

Referenced by ElfDeleteEventLogHandle(), and LogfCloseAll().

◆ LogfCloseAll()

VOID LogfCloseAll ( VOID  )

Definition at line 452 of file file.c.

453{
454 EnterCriticalSection(&LogFileListCs);
455
456 while (!IsListEmpty(&LogFileListHead))
457 {
458 LogfClose(CONTAINING_RECORD(LogFileListHead.Flink, LOGFILE, ListEntry), TRUE);
459 }
460
461 LeaveCriticalSection(&LogFileListCs);
462
463 DeleteCriticalSection(&LogFileListCs);
464}
LogfClose
VOID LogfClose(PLOGFILE LogFile, BOOLEAN ForceClose)
Definition: file.c:428
LogFileListHead
static LIST_ENTRY LogFileListHead
Definition: file.c:22
LogFileListCs
static CRITICAL_SECTION LogFileListCs
Definition: file.c:23
IsListEmpty
#define IsListEmpty(ListHead)
Definition: env_spec_w32.h:954
DeleteCriticalSection
void WINAPI DeleteCriticalSection(PCRITICAL_SECTION)

Referenced by wmain().

◆ LogfCreate()

NTSTATUS LogfCreate ( PLOGFILE LogFile,
PCWSTR  LogName,
PUNICODE_STRING  FileName,
ULONG  MaxSize,
ULONG  Retention,
BOOLEAN  Permanent,
BOOLEAN  Backup 
)

Definition at line 294 of file file.c.

301{
302 NTSTATUS Status;
303 OBJECT_ATTRIBUTES ObjectAttributes;
304 IO_STATUS_BLOCK IoStatusBlock;
305 FILE_STANDARD_INFORMATION FileStdInfo;
306 PLOGFILE pLogFile;
307 SIZE_T LogNameLen;
308 BOOLEAN CreateNew;
309
310 pLogFile = LogfpAlloc(sizeof(*pLogFile), HEAP_ZERO_MEMORY, TAG_ELF);
311 if (!pLogFile)
312 {
313 DPRINT1("Cannot allocate heap!\n");
314 return STATUS_NO_MEMORY;
315 }
316
317 LogNameLen = (LogName ? wcslen(LogName) : 0) + 1;
318 pLogFile->LogName = LogfpAlloc(LogNameLen * sizeof(WCHAR), HEAP_ZERO_MEMORY, 0);
319 if (pLogFile->LogName == NULL)
320 {
321 DPRINT1("Cannot allocate heap\n");
322 Status = STATUS_NO_MEMORY;
323 goto Quit;
324 }
325
326 if (LogName)
327 StringCchCopyW(pLogFile->LogName, LogNameLen, LogName);
328
329 InitializeObjectAttributes(&ObjectAttributes,
330 FileName,
331 OBJ_CASE_INSENSITIVE,
332 NULL,
333 NULL);
334
335 DPRINT("Going to create or open %wZ\n", FileName);
336 Status = NtCreateFile(&pLogFile->FileHandle,
337 Backup ? (GENERIC_READ | SYNCHRONIZE)
338 : (GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE),
339 &ObjectAttributes,
340 &IoStatusBlock,
341 NULL,
342 FILE_ATTRIBUTE_NORMAL,
343 FILE_SHARE_READ,
344 Backup ? FILE_OPEN : FILE_OPEN_IF,
345 FILE_SYNCHRONOUS_IO_NONALERT,
346 NULL,
347 0);
348 if (!NT_SUCCESS(Status))
349 {
350 DPRINT1("Cannot create file `%wZ' (Status 0x%08lx)\n", FileName, Status);
351 goto Quit;
352 }
353
354 CreateNew = (IoStatusBlock.Information == FILE_CREATED);
355 DPRINT("%wZ %s successfully\n", FileName, CreateNew ? "created" : "opened");
356
357 /*
358 * Retrieve the log file size and check whether the file is not too large;
359 * this log format only supports files of theoretical size < 0xFFFFFFFF .
360 *
361 * As it happens that, on Windows (and ReactOS), retrieving the End-Of-File
362 * information using NtQueryInformationFile with the FileEndOfFileInformation
363 * class is invalid (who knows why...), use instead the FileStandardInformation
364 * class, and the EndOfFile member of the returned FILE_STANDARD_INFORMATION
365 * structure will give the desired information.
366 */
367 Status = NtQueryInformationFile(pLogFile->FileHandle,
368 &IoStatusBlock,
369 &FileStdInfo,
370 sizeof(FileStdInfo),
371 FileStandardInformation);
372 if (!NT_SUCCESS(Status))
373 {
374 DPRINT1("EventLog: NtQueryInformationFile failed (Status 0x%08lx)\n", Status);
375 goto Quit;
376 }
377 if (FileStdInfo.EndOfFile.HighPart != 0)
378 {
379 DPRINT1("EventLog: Log `%wZ' is too large.\n", FileName);
380 Status = STATUS_EVENTLOG_FILE_CORRUPT; // STATUS_FILE_TOO_LARGE;
381 goto Quit;
382 }
383
384 DPRINT("Initializing LogFile `%S'\n", pLogFile->LogName);
385
386 Status = ElfCreateFile(&pLogFile->LogFile,
387 FileName,
388 FileStdInfo.EndOfFile.LowPart,
389 MaxSize,
390 Retention,
391 CreateNew,
392 Backup,
393 LogfpAlloc,
394 LogfpFree,
395 LogfpSetFileSize,
396 LogfpWriteFile,
397 LogfpReadFile,
398 LogfpFlushFile);
399 if (!NT_SUCCESS(Status))
400 goto Quit;
401
402 pLogFile->Permanent = Permanent;
403
404 RtlInitializeResource(&pLogFile->Lock);
405
406 LogfListAddItem(pLogFile);
407
408Quit:
409 if (!NT_SUCCESS(Status))
410 {
411 if (pLogFile->FileHandle != NULL)
412 NtClose(pLogFile->FileHandle);
413
414 if (pLogFile->LogName)
415 LogfpFree(pLogFile->LogName, 0, 0);
416
417 LogfpFree(pLogFile, 0, TAG_ELF);
418 }
419 else
420 {
421 *LogFile = pLogFile;
422 }
423
424 return Status;
425}
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
LogfpSetFileSize
static NTSTATUS NTAPI LogfpSetFileSize(IN PEVTLOGFILE LogFile, IN ULONG FileSize, IN ULONG OldFileSize)
Definition: file.c:244
LogfpAlloc
static PVOID NTAPI LogfpAlloc(IN SIZE_T Size, IN ULONG Flags, IN ULONG Tag)
Definition: file.c:158
LogfpFlushFile
static NTSTATUS NTAPI LogfpFlushFile(IN PEVTLOGFILE LogFile, IN PLARGE_INTEGER FileOffset, IN ULONG Length)
Definition: file.c:280
LogfpWriteFile
static NTSTATUS NTAPI LogfpWriteFile(IN PEVTLOGFILE LogFile, IN PLARGE_INTEGER FileOffset, IN PVOID Buffer, IN SIZE_T Length, OUT PSIZE_T WrittenLength OPTIONAL)
Definition: file.c:212
LogfListAddItem
static VOID LogfListAddItem(PLOGFILE Item)
Definition: file.c:137
LogfpReadFile
static NTSTATUS NTAPI LogfpReadFile(IN PEVTLOGFILE LogFile, IN PLARGE_INTEGER FileOffset, OUT PVOID Buffer, IN SIZE_T Length, OUT PSIZE_T ReadLength OPTIONAL)
Definition: file.c:180
ElfCreateFile
NTSTATUS NTAPI ElfCreateFile(IN OUT PEVTLOGFILE LogFile, IN PUNICODE_STRING FileName OPTIONAL, IN ULONG FileSize, IN ULONG MaxSize, IN ULONG Retention, IN BOOLEAN CreateNew, IN BOOLEAN ReadOnly, IN PELF_ALLOCATE_ROUTINE Allocate, IN PELF_FREE_ROUTINE Free, IN PELF_FILE_SET_SIZE_ROUTINE FileSetSize, IN PELF_FILE_WRITE_ROUTINE FileWrite, IN PELF_FILE_READ_ROUTINE FileRead, IN PELF_FILE_FLUSH_ROUTINE FileFlush)
Definition: evtlib.c:876
FILE_OPEN
#define FILE_OPEN
Definition: from_kernel.h:54
FILE_OPEN_IF
#define FILE_OPEN_IF
Definition: from_kernel.h:56
RtlInitializeResource
NTSYSAPI VOID NTAPI RtlInitializeResource(_In_ PRTL_RESOURCE Resource)
FILE_CREATED
#define FILE_CREATED
Definition: nt_native.h:770
NtQueryInformationFile
NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(IN HANDLE hFile, OUT PIO_STATUS_BLOCK pIoStatusBlock, OUT PVOID FileInformationBuffer, IN ULONG FileInformationBufferLength, IN FILE_INFORMATION_CLASS FileInfoClass)
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
STATUS_EVENTLOG_FILE_CORRUPT
#define STATUS_EVENTLOG_FILE_CORRUPT
Definition: ntstatus.h:631
FileStandardInformation
#define FileStandardInformation
Definition: propsheet.cpp:61
_FILE_STANDARD_INFORMATION
Definition: propsheet.cpp:53
_FILE_STANDARD_INFORMATION::EndOfFile
LARGE_INTEGER EndOfFile
Definition: propsheet.cpp:55
_FileName
Definition: filecomp.c:348
_IO_STATUS_BLOCK::Information
ULONG Information
Definition: env_spec_w32.h:872
_LARGE_INTEGER::LowPart
ULONG LowPart
Definition: typedefs.h:106
_LARGE_INTEGER::HighPart
LONG HighPart
Definition: typedefs.h:107

Referenced by ElfCreateBackupLogHandle(), and LoadLogFile().

◆ LogfFreeRecord()

static __inline void LogfFreeRecord ( PEVENTLOGRECORD  Record)
static

Definition at line 143 of file eventlog.h.

144{
145 RtlFreeHeap(GetProcessHeap(), 0, Record);
146}
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:608
Record
_In_ struct _KBUGCHECK_REASON_CALLBACK_RECORD * Record
Definition: ketypes.h:268

Referenced by ElfrIntReportEventW(), LogfReportEvent(), and ProcessPortMessage().

◆ LogfListInitialize()

VOID LogfListInitialize ( VOID  )

Definition at line 27 of file file.c.

28{
29 InitializeCriticalSection(&LogFileListCs);
30 InitializeListHead(&LogFileListHead);
31}

Referenced by wmain().

◆ LogfListItemByIndex()

PLOGFILE LogfListItemByIndex ( DWORD  Index)

Definition at line 93 of file file.c.

94{
95 PLIST_ENTRY CurrentEntry;
96 PLOGFILE Result = NULL;
97 DWORD i = 1;
98
99 EnterCriticalSection(&LogFileListCs);
100
101 CurrentEntry = LogFileListHead.Flink;
102 while (CurrentEntry != &LogFileListHead)
103 {
104 if (i == Index)
105 {
106 Result = CONTAINING_RECORD(CurrentEntry, LOGFILE, ListEntry);
107 break;
108 }
109
110 CurrentEntry = CurrentEntry->Flink;
111 i++;
112 }
113
114 LeaveCriticalSection(&LogFileListCs);
115 return Result;
116}
Index
_In_ WDFCOLLECTION _In_ ULONG Index
Definition: wdfcollection.h:182

Referenced by ElfCreateEventLogHandle().

◆ LogfListItemByName()

PLOGFILE LogfListItemByName ( LPCWSTR  Name)

Definition at line 33 of file file.c.

34{
35 PLIST_ENTRY CurrentEntry;
36 PLOGFILE Item, Result = NULL;
37
38 ASSERT(Name);
39
40 EnterCriticalSection(&LogFileListCs);
41
42 CurrentEntry = LogFileListHead.Flink;
43 while (CurrentEntry != &LogFileListHead)
44 {
45 Item = CONTAINING_RECORD(CurrentEntry, LOGFILE, ListEntry);
46
47 if (Item->LogName && !_wcsicmp(Item->LogName, Name))
48 {
49 Result = Item;
50 break;
51 }
52
53 CurrentEntry = CurrentEntry->Flink;
54 }
55
56 LeaveCriticalSection(&LogFileListCs);
57 return Result;
58}

Referenced by ElfCreateEventLogHandle(), and ProcessPortMessage().

◆ LogfListItemCount()

DWORD LogfListItemCount ( VOID  )

Definition at line 118 of file file.c.

119{
120 PLIST_ENTRY CurrentEntry;
121 DWORD i = 0;
122
123 EnterCriticalSection(&LogFileListCs);
124
125 CurrentEntry = LogFileListHead.Flink;
126 while (CurrentEntry != &LogFileListHead)
127 {
128 CurrentEntry = CurrentEntry->Flink;
129 i++;
130 }
131
132 LeaveCriticalSection(&LogFileListCs);
133 return i;
134}

Referenced by ElfCreateEventLogHandle().

◆ LogfReadEvents()

NTSTATUS LogfReadEvents ( PLOGFILE  LogFile,
ULONG  Flags,
PULONG  RecordNumber,
ULONG  BufSize,
PBYTE  Buffer,
PULONG  BytesRead,
PULONG  BytesNeeded,
BOOLEAN  Ansi 
)

Definition at line 721 of file file.c.

729{
730 NTSTATUS Status;
731 ULONG RecNum;
732 SIZE_T ReadLength, NeededSize;
733 ULONG BufferUsage;
734
735 /* Parameters validation */
736
737 /* EVENTLOG_SEQUENTIAL_READ and EVENTLOG_SEEK_READ are mutually exclusive */
738 if ((Flags & EVENTLOG_SEQUENTIAL_READ) && (Flags & EVENTLOG_SEEK_READ))
739 return STATUS_INVALID_PARAMETER;
740
741 if (!(Flags & EVENTLOG_SEQUENTIAL_READ) && !(Flags & EVENTLOG_SEEK_READ))
742 return STATUS_INVALID_PARAMETER;
743
744 /* EVENTLOG_FORWARDS_READ and EVENTLOG_BACKWARDS_READ are mutually exclusive */
745 if ((Flags & EVENTLOG_FORWARDS_READ) && (Flags & EVENTLOG_BACKWARDS_READ))
746 return STATUS_INVALID_PARAMETER;
747
748 if (!(Flags & EVENTLOG_FORWARDS_READ) && !(Flags & EVENTLOG_BACKWARDS_READ))
749 return STATUS_INVALID_PARAMETER;
750
751 if (!Buffer || !BytesRead || !BytesNeeded)
752 return STATUS_INVALID_PARAMETER;
753
754 /* In seek read mode, a record number of 0 is invalid */
755 if (!(Flags & EVENTLOG_SEQUENTIAL_READ) && (*RecordNumber == 0))
756 return STATUS_INVALID_PARAMETER;
757
758 /* Lock the log file shared */
759 RtlAcquireResourceShared(&LogFile->Lock, TRUE);
760
761 /*
762 * In sequential read mode, a record number of 0 means we need
763 * to determine where to start the read operation. Otherwise
764 * we just use the provided record number.
765 */
766 if ((Flags & EVENTLOG_SEQUENTIAL_READ) && (*RecordNumber == 0))
767 {
768 if (Flags & EVENTLOG_FORWARDS_READ)
769 {
770 *RecordNumber = ElfGetOldestRecord(&LogFile->LogFile);
771 }
772 else // if (Flags & EVENTLOG_BACKWARDS_READ)
773 {
774 *RecordNumber = ElfGetCurrentRecord(&LogFile->LogFile) - 1;
775 }
776 }
777
778 RecNum = *RecordNumber;
779
780 *BytesRead = 0;
781 *BytesNeeded = 0;
782
783 BufferUsage = 0;
784 do
785 {
786 Status = ReadRecord(&LogFile->LogFile,
787 RecNum,
788 (PEVENTLOGRECORD)(Buffer + BufferUsage),
789 BufSize - BufferUsage,
790 &ReadLength,
791 &NeededSize,
792 Ansi);
793 if (Status == STATUS_NOT_FOUND)
794 {
795 if (BufferUsage == 0)
796 {
797 Status = STATUS_END_OF_FILE;
798 goto Quit;
799 }
800 else
801 {
802 break;
803 }
804 }
805 else
806 if (Status == STATUS_BUFFER_TOO_SMALL)
807 {
808 if (BufferUsage == 0)
809 {
810 *BytesNeeded = NeededSize;
811 // Status = STATUS_BUFFER_TOO_SMALL;
812 goto Quit;
813 }
814 else
815 {
816 break;
817 }
818 }
819 else
820 if (!NT_SUCCESS(Status))
821 {
822 DPRINT1("ElfReadRecord failed (Status 0x%08lx)\n", Status);
823 goto Quit;
824 }
825
826 /* Go to the next event record */
827 /*
828 * NOTE: This implicitly supposes that all the other record numbers
829 * are consecutive (and do not jump than more than one unit); but if
830 * it is not the case, then we would prefer here to call some
831 * "get_next_record_number" function.
832 */
833 if (Flags & EVENTLOG_FORWARDS_READ)
834 RecNum++;
835 else // if (Flags & EVENTLOG_BACKWARDS_READ)
836 RecNum--;
837
838 BufferUsage += ReadLength;
839 }
840 while (BufferUsage <= BufSize);
841
842 *BytesRead = BufferUsage;
843 *RecordNumber = RecNum;
844
845 Status = STATUS_SUCCESS;
846
847Quit:
848 /* Unlock the log file */
849 RtlReleaseResource(&LogFile->Lock);
850
851 if (!NT_SUCCESS(Status))
852 DPRINT1("LogfReadEvents failed (Status 0x%08lx)\n", Status);
853
854 return Status;
855}
ReadLength
ULONG ReadLength
Definition: CcCopyRead_drv.c:29
BufSize
#define BufSize
Definition: FsRtlTunnel.c:28
ReadRecord
static NTSTATUS ReadRecord(IN PEVTLOGFILE LogFile, IN ULONG RecordNumber, OUT PEVENTLOGRECORD Record, IN SIZE_T BufSize, OUT PSIZE_T BytesRead OPTIONAL, OUT PSIZE_T BytesNeeded OPTIONAL, IN BOOLEAN Ansi)
Definition: file.c:551
ElfGetOldestRecord
ULONG NTAPI ElfGetOldestRecord(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1589
ElfGetCurrentRecord
ULONG NTAPI ElfGetCurrentRecord(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1598
STATUS_END_OF_FILE
#define STATUS_END_OF_FILE
Definition: shellext.h:67
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
STATUS_NOT_FOUND
#define STATUS_NOT_FOUND
Definition: shellext.h:72
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
BytesRead
_Must_inspect_result_ _In_ WDFIOTARGET _In_opt_ WDFREQUEST _In_opt_ PWDF_MEMORY_DESCRIPTOR _In_opt_ PLONGLONG _In_opt_ PWDF_REQUEST_SEND_OPTIONS _Out_opt_ PULONG_PTR BytesRead
Definition: wdfiotarget.h:870
EVENTLOG_SEQUENTIAL_READ
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:2828
EVENTLOG_BACKWARDS_READ
#define EVENTLOG_BACKWARDS_READ
Definition: winnt_old.h:2831
EVENTLOG_FORWARDS_READ
#define EVENTLOG_FORWARDS_READ
Definition: winnt_old.h:2830
EVENTLOG_SEEK_READ
#define EVENTLOG_SEEK_READ
Definition: winnt_old.h:2829
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170

Referenced by ElfrReadELA(), and ElfrReadELW().

◆ LogfReportEvent()

VOID LogfReportEvent ( USHORT  wType,
USHORT  wCategory,
ULONG  dwEventId,
USHORT  wNumStrings,
PWSTR  pStrings,
ULONG  dwDataSize,
PVOID  pRawData 
)

Definition at line 1037 of file file.c.

1044{
1045 NTSTATUS Status;
1046 UNICODE_STRING SourceName, ComputerName;
1047 PEVENTLOGRECORD LogBuffer;
1048 LARGE_INTEGER SystemTime;
1049 ULONG Time;
1050 SIZE_T RecSize;
1051 DWORD dwComputerNameLength;
1052 WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1053
1054 if (!EventLogSource)
1055 return;
1056
1057 RtlInitUnicodeString(&SourceName, EventLogSource->szName);
1058
1059 dwComputerNameLength = ARRAYSIZE(szComputerName);
1060 if (!GetComputerNameW(szComputerName, &dwComputerNameLength))
1061 szComputerName[0] = L'\0';
1062
1063 RtlInitUnicodeString(&ComputerName, szComputerName);
1064
1065 NtQuerySystemTime(&SystemTime);
1066 RtlTimeToSecondsSince1970(&SystemTime, &Time);
1067
1068 LogBuffer = LogfAllocAndBuildNewRecord(&RecSize,
1069 Time,
1070 wType,
1071 wCategory,
1072 dwEventId,
1073 &SourceName,
1074 &ComputerName,
1075 0,
1076 NULL,
1077 wNumStrings,
1078 pStrings,
1079 dwDataSize,
1080 pRawData);
1081 if (LogBuffer == NULL)
1082 {
1083 DPRINT1("LogfAllocAndBuildNewRecord failed!\n");
1084 return;
1085 }
1086
1087 Status = LogfWriteRecord(EventLogSource->LogFile, LogBuffer, RecSize);
1088 if (!NT_SUCCESS(Status))
1089 {
1090 DPRINT1("ERROR writing to event log `%S' (Status 0x%08lx)\n",
1091 EventLogSource->LogFile->LogName, Status);
1092 }
1093
1094 LogfFreeRecord(LogBuffer);
1095}
EventLogSource
PEVENTSOURCE EventLogSource
Definition: eventlog.c:35
LogfWriteRecord
NTSTATUS LogfWriteRecord(PLOGFILE LogFile, PEVENTLOGRECORD Record, SIZE_T BufSize)
Definition: file.c:858
LogfAllocAndBuildNewRecord
PEVENTLOGRECORD LogfAllocAndBuildNewRecord(PSIZE_T pRecSize, ULONG Time, USHORT wType, USHORT wCategory, ULONG dwEventId, PUNICODE_STRING SourceName, PUNICODE_STRING ComputerName, ULONG dwSidLength, PSID pUserSid, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:896
GetComputerNameW
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
ARRAYSIZE
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
LogfFreeRecord
static __inline void LogfFreeRecord(PEVENTLOGRECORD Record)
Definition: eventlog.h:143
RtlTimeToSecondsSince1970
BOOLEAN NTAPI RtlTimeToSecondsSince1970(PLARGE_INTEGER Time, PULONG ElapsedSeconds)
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
NtQuerySystemTime
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:483
_EVENTSOURCE::szName
WCHAR szName[1]
Definition: eventlog.h:48
_EVENTSOURCE::LogFile
PLOGFILE LogFile
Definition: eventlog.h:47
_LARGE_INTEGER
Definition: typedefs.h:103
MAX_COMPUTERNAME_LENGTH
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:243

Referenced by ReportProductInfoEvent(), ServiceControlHandler(), and ServiceMain().

◆ LogfWriteRecord()

NTSTATUS LogfWriteRecord ( PLOGFILE  LogFile,
PEVENTLOGRECORD  Record,
SIZE_T  BufSize 
)

Definition at line 858 of file file.c.

861{
862 NTSTATUS Status;
863 LARGE_INTEGER SystemTime;
864
865 // ASSERT(sizeof(*Record) == sizeof(RecBuf));
866
867 if (!Record || BufSize < sizeof(*Record))
868 return STATUS_INVALID_PARAMETER;
869
870 /* Lock the log file exclusive */
871 RtlAcquireResourceExclusive(&LogFile->Lock, TRUE);
872
873 /*
874 * Retrieve the record written time now, that will also be compared
875 * with the existing events timestamps in case the log is wrapping.
876 */
877 NtQuerySystemTime(&SystemTime);
878 RtlTimeToSecondsSince1970(&SystemTime, &Record->TimeWritten);
879
880 Status = ElfWriteRecord(&LogFile->LogFile, Record, BufSize);
881 if (Status == STATUS_LOG_FILE_FULL)
882 {
883 /* The event log file is full, queue a message box for the user and exit */
884 // TODO!
885 DPRINT1("Log file `%S' is full!\n", LogFile->LogName);
886 }
887
888 /* Unlock the log file */
889 RtlReleaseResource(&LogFile->Lock);
890
891 return Status;
892}
ElfWriteRecord
NTSTATUS NTAPI ElfWriteRecord(IN PEVTLOGFILE LogFile, IN PEVENTLOGRECORD Record, IN SIZE_T BufSize)
Definition: evtlib.c:1269
STATUS_LOG_FILE_FULL
#define STATUS_LOG_FILE_FULL
Definition: ntstatus.h:625

Referenced by ElfrIntReportEventW(), LogfReportEvent(), and ProcessPortMessage().

◆ PortThreadRoutine()

NTSTATUS WINAPI PortThreadRoutine ( PVOID  Param)

Definition at line 27 of file logport.c.

28{
29 NTSTATUS Status = STATUS_SUCCESS;
30
31 Status = InitLogPort();
32 if (!NT_SUCCESS(Status))
33 return Status;
34
35 while (NT_SUCCESS(Status))
36 Status = ProcessPortMessage();
37
38 if (ConnectPortHandle != NULL)
39 NtClose(ConnectPortHandle);
40
41 if (MessagePortHandle != NULL)
42 NtClose(MessagePortHandle);
43
44 return Status;
45}
ProcessPortMessage
NTSTATUS ProcessPortMessage(VOID)
Definition: logport.c:104
InitLogPort
NTSTATUS InitLogPort(VOID)
Definition: logport.c:47

Referenced by ServiceInit().

◆ PRINT_RECORD()

VOID PRINT_RECORD ( PEVENTLOGRECORD  pRec)

Definition at line 544 of file eventlog.c.

545{
546 UINT i;
547 PWSTR str;
548 LARGE_INTEGER SystemTime;
549 TIME_FIELDS Time;
550
551 DPRINT1("PRINT_RECORD(0x%p)\n", pRec);
552
553 DbgPrint("Length = %lu\n", pRec->Length);
554 DbgPrint("Reserved = 0x%x\n", pRec->Reserved);
555 DbgPrint("RecordNumber = %lu\n", pRec->RecordNumber);
556
557 RtlSecondsSince1970ToTime(pRec->TimeGenerated, &SystemTime);
558 RtlTimeToTimeFields(&SystemTime, &Time);
559 DbgPrint("TimeGenerated = %hu.%hu.%hu %hu:%hu:%hu\n",
560 Time.Day, Time.Month, Time.Year,
561 Time.Hour, Time.Minute, Time.Second);
562
563 RtlSecondsSince1970ToTime(pRec->TimeWritten, &SystemTime);
564 RtlTimeToTimeFields(&SystemTime, &Time);
565 DbgPrint("TimeWritten = %hu.%hu.%hu %hu:%hu:%hu\n",
566 Time.Day, Time.Month, Time.Year,
567 Time.Hour, Time.Minute, Time.Second);
568
569 DbgPrint("EventID = %lu\n", pRec->EventID);
570
571 switch (pRec->EventType)
572 {
573 case EVENTLOG_ERROR_TYPE:
574 DbgPrint("EventType = EVENTLOG_ERROR_TYPE\n");
575 break;
576 case EVENTLOG_WARNING_TYPE:
577 DbgPrint("EventType = EVENTLOG_WARNING_TYPE\n");
578 break;
579 case EVENTLOG_INFORMATION_TYPE:
580 DbgPrint("EventType = EVENTLOG_INFORMATION_TYPE\n");
581 break;
582 case EVENTLOG_AUDIT_SUCCESS:
583 DbgPrint("EventType = EVENTLOG_AUDIT_SUCCESS\n");
584 break;
585 case EVENTLOG_AUDIT_FAILURE:
586 DbgPrint("EventType = EVENTLOG_AUDIT_FAILURE\n");
587 break;
588 default:
589 DbgPrint("EventType = %hu\n", pRec->EventType);
590 }
591
592 DbgPrint("NumStrings = %hu\n", pRec->NumStrings);
593 DbgPrint("EventCategory = %hu\n", pRec->EventCategory);
594 DbgPrint("ReservedFlags = 0x%x\n", pRec->ReservedFlags);
595 DbgPrint("ClosingRecordNumber = %lu\n", pRec->ClosingRecordNumber);
596 DbgPrint("StringOffset = %lu\n", pRec->StringOffset);
597 DbgPrint("UserSidLength = %lu\n", pRec->UserSidLength);
598 DbgPrint("UserSidOffset = %lu\n", pRec->UserSidOffset);
599 DbgPrint("DataLength = %lu\n", pRec->DataLength);
600 DbgPrint("DataOffset = %lu\n", pRec->DataOffset);
601
602 i = sizeof(EVENTLOGRECORD);
603 DbgPrint("SourceName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
604
605 i += (wcslen((PWSTR)((ULONG_PTR)pRec + i)) + 1) * sizeof(WCHAR);
606 DbgPrint("ComputerName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
607
608 if (pRec->StringOffset < pRec->Length && pRec->NumStrings)
609 {
610 DbgPrint("Strings:\n");
611 str = (PWSTR)((ULONG_PTR)pRec + pRec->StringOffset);
612 for (i = 0; i < pRec->NumStrings; i++)
613 {
614 DbgPrint("[%u] %S\n", i, str);
615 str += wcslen(str) + 1;
616 }
617 }
618
619 DbgPrint("Length2 = %lu\n", *(PULONG)((ULONG_PTR)pRec + pRec->Length - 4));
620}
RtlTimeToTimeFields
BOOLEAN RtlTimeToTimeFields(IN PLARGE_INTEGER Time, IN PTIME_FIELDS TimeFields)
Definition: env_spec_w32.cpp:895
DbgPrint
#define DbgPrint
Definition: hal.h:12
RtlSecondsSince1970ToTime
NTSYSAPI VOID NTAPI RtlSecondsSince1970ToTime(_In_ ULONG SecondsSince1970, _Out_ PLARGE_INTEGER Time)
_EVENTLOGRECORD::ClosingRecordNumber
DWORD ClosingRecordNumber
Definition: winnt_old.h:2851
_EVENTLOGRECORD::ReservedFlags
WORD ReservedFlags
Definition: winnt_old.h:2850
_TIME_FIELDS
Definition: env_spec_w32.h:710
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
EVENTLOG_ERROR_TYPE
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2834
EVENTLOG_AUDIT_FAILURE
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2838
EVENTLOG_INFORMATION_TYPE
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2836
EVENTLOG_AUDIT_SUCCESS
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2837
EVENTLOG_WARNING_TYPE
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2835

Referenced by ProcessPortMessage().

◆ ProcessPortMessage()

NTSTATUS ProcessPortMessage ( VOID  )

Definition at line 104 of file logport.c.

105{
106 NTSTATUS Status;
107 PLOGFILE SystemLog = NULL;
108 UCHAR Buffer[PORT_MAXIMUM_MESSAGE_LENGTH]; // IO_ERROR_LOG_MESSAGE_LENGTH
109 PELF_API_MSG Message = (PELF_API_MSG)Buffer;
110 PIO_ERROR_LOG_MESSAGE ErrorMessage;
111 PEVENTLOGRECORD LogBuffer;
112 SIZE_T RecSize;
113 ULONG Time;
114 USHORT EventType;
115 UNICODE_STRING SourceName, ComputerName;
116 DWORD dwComputerNameLength;
117 WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
118
119 DPRINT("ProcessPortMessage() called\n");
120
121 SystemLog = LogfListItemByName(L"System");
122
123 while (TRUE)
124 {
125 Status = NtReplyWaitReceivePort(MessagePortHandle,
126 NULL,
127 NULL,
128 &Message->Header);
129
130 if (!NT_SUCCESS(Status))
131 {
132 DPRINT1("NtReplyWaitReceivePort() failed (Status %lx)\n", Status);
133 break;
134 }
135
136 DPRINT("Received message\n");
137
138 if (Message->Header.u2.s2.Type == LPC_PORT_CLOSED)
139 {
140 DPRINT("Port closed\n");
141 return STATUS_SUCCESS;
142 }
143
144 if (Message->Header.u2.s2.Type == LPC_REQUEST)
145 {
146 DPRINT("Received request\n");
147 }
148 else if (Message->Header.u2.s2.Type == LPC_DATAGRAM)
149 {
150 DPRINT("Received datagram (0x%x, 0x%x)\n",
151 Message->Unknown[0], Message->Unknown[1]);
152 ErrorMessage = &Message->IoErrorMessage;
153
154 // ASSERT(ErrorMessage->Type == IO_TYPE_ERROR_MESSAGE);
155
156 RtlInitEmptyUnicodeString(&SourceName, NULL, 0);
157 if (ErrorMessage->DriverNameLength > sizeof(UNICODE_NULL)) // DriverNameLength counts NULL-terminator
158 {
159 SourceName.Buffer = (PWSTR)((ULONG_PTR)ErrorMessage + ErrorMessage->DriverNameOffset);
160 SourceName.MaximumLength = ErrorMessage->DriverNameLength;
161 SourceName.Length = SourceName.MaximumLength - sizeof(UNICODE_NULL);
162 }
163
164 dwComputerNameLength = ARRAYSIZE(szComputerName);
165 if (!GetComputerNameW(szComputerName, &dwComputerNameLength))
166 szComputerName[0] = L'\0';
167
168 RtlInitUnicodeString(&ComputerName, szComputerName);
169
170 RtlTimeToSecondsSince1970(&ErrorMessage->TimeStamp, &Time);
171
172 /* Set the event type based on the error code severity */
173 EventType = (USHORT)(ErrorMessage->EntryData.ErrorCode >> 30);
174 if (EventType == STATUS_SEVERITY_SUCCESS)
175 {
176 EventType = EVENTLOG_SUCCESS;
177 }
178 else if (EventType == STATUS_SEVERITY_INFORMATIONAL) // NT_INFORMATION
179 {
180 EventType = EVENTLOG_INFORMATION_TYPE;
181 }
182 else if (EventType == STATUS_SEVERITY_WARNING) // NT_WARNING
183 {
184 EventType = EVENTLOG_WARNING_TYPE;
185 }
186 else if (EventType == STATUS_SEVERITY_ERROR) // NT_ERROR
187 {
188 EventType = EVENTLOG_ERROR_TYPE;
189 }
190 else
191 {
192 /* Unknown severity, set to error */
193 EventType = EVENTLOG_ERROR_TYPE;
194 }
195
196 /*
197 * The data being saved consists of the IO_ERROR_LOG_PACKET structure
198 * header, plus the additional raw data from the driver.
199 */
200 LogBuffer = LogfAllocAndBuildNewRecord(
201 &RecSize,
202 Time,
203 EventType,
204 ErrorMessage->EntryData.EventCategory,
205 ErrorMessage->EntryData.ErrorCode,
206 &SourceName,
207 &ComputerName,
208 0,
209 NULL,
210 ErrorMessage->EntryData.NumberOfStrings,
211 (PWSTR)((ULONG_PTR)ErrorMessage +
212 ErrorMessage->EntryData.StringOffset),
213 FIELD_OFFSET(IO_ERROR_LOG_PACKET, DumpData) +
214 ErrorMessage->EntryData.DumpDataSize,
215 (PVOID)&ErrorMessage->EntryData);
216 if (LogBuffer == NULL)
217 {
218 DPRINT1("LogfAllocAndBuildNewRecord failed!\n");
219 // return STATUS_NO_MEMORY;
220 continue;
221 }
222
223 if (!onLiveCD && SystemLog)
224 {
225 Status = LogfWriteRecord(SystemLog, LogBuffer, RecSize);
226 if (!NT_SUCCESS(Status))
227 {
228 DPRINT1("ERROR writing to event log `%S' (Status 0x%08lx)\n",
229 SystemLog->LogName, Status);
230 }
231 }
232 else
233 {
234 DPRINT1("\n--- EVENTLOG RECORD ---\n");
235 PRINT_RECORD(LogBuffer);
236 DPRINT1("\n");
237 }
238
239 LogfFreeRecord(LogBuffer);
240 }
241 }
242
243 return Status;
244}
ErrorMessage
static VOID ErrorMessage(_In_ DWORD dwErrorCode, _In_opt_ PCWSTR pszMsg,...)
Definition: attrib.c:33
PRINT_RECORD
VOID PRINT_RECORD(PEVENTLOGRECORD pRec)
Definition: eventlog.c:544
Message
static const WCHAR Message[]
Definition: register.c:74
STATUS_SEVERITY_WARNING
#define STATUS_SEVERITY_WARNING
Definition: errmsg.h:58
STATUS_SEVERITY_ERROR
#define STATUS_SEVERITY_ERROR
Definition: errmsg.h:61
STATUS_SEVERITY_INFORMATIONAL
#define STATUS_SEVERITY_INFORMATIONAL
Definition: errmsg.h:60
STATUS_SEVERITY_SUCCESS
#define STATUS_SEVERITY_SUCCESS
Definition: errmsg.h:59
LogfListItemByName
PLOGFILE LogfListItemByName(LPCWSTR Name)
Definition: file.c:33
LogfWriteRecord
NTSTATUS LogfWriteRecord(PLOGFILE LogFile, PEVENTLOGRECORD Record, SIZE_T BufSize)
Definition: file.c:858
LogfAllocAndBuildNewRecord
PEVENTLOGRECORD LogfAllocAndBuildNewRecord(PSIZE_T pRecSize, ULONG Time, USHORT wType, USHORT wCategory, ULONG dwEventId, PUNICODE_STRING SourceName, PUNICODE_STRING ComputerName, ULONG dwSidLength, PSID pUserSid, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:896
PELF_API_MSG
struct _ELF_API_MSG * PELF_API_MSG
onLiveCD
BOOL onLiveCD
Definition: eventlog.c:33
LPC_REQUEST
#define LPC_REQUEST
Definition: port.c:93
LPC_DATAGRAM
#define LPC_DATAGRAM
Definition: port.c:95
LPC_PORT_CLOSED
#define LPC_PORT_CLOSED
Definition: port.c:97
EventType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ EVENT_TYPE EventType
Definition: exfuncs.h:167
NtReplyWaitReceivePort
NTSTATUS NTAPI NtReplyWaitReceivePort(IN HANDLE PortHandle, OUT PVOID *PortContext OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT PPORT_MESSAGE ReceiveMessage)
Definition: reply.c:743
USHORT
unsigned short USHORT
Definition: pedump.c:61
_ELF_API_MSG
Definition: iolog.h:18
_IO_ERROR_LOG_MESSAGE
Definition: iotypes.h:2016
_IO_ERROR_LOG_PACKET
Definition: iotypes.h:2000
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
EVENTLOG_SUCCESS
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2833
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181

Referenced by PortThreadRoutine().

◆ RpcThreadRoutine()

DWORD WINAPI RpcThreadRoutine ( LPVOID  lpParameter)

Definition at line 20 of file rpcserver.c.

22{
23 RPC_STATUS Status;
24
25 Status = RpcServerUseProtseqEpW(L"ncacn_np", 20, L"\\pipe\\browser", NULL);
26 if (Status != RPC_S_OK)
27 {
28 ERR("RpcServerUseProtseqEpW() failed (Status %lx)\n", Status);
29 return 0;
30 }
31
32 Status = RpcServerRegisterIf(browser_v0_0_s_ifspec, NULL, NULL);
33 if (Status != RPC_S_OK)
34 {
35 ERR("RpcServerRegisterIf() failed (Status %lx)\n", Status);
36 return 0;
37 }
38
39 Status = RpcServerListen(1, RPC_C_LISTEN_MAX_CALLS_DEFAULT, FALSE);
40 if (Status != RPC_S_OK)
41 {
42 ERR("RpcServerListen() failed (Status %lx)\n", Status);
43 }
44
45 return 0;
46}
ERR
#define ERR(fmt,...)
Definition: debug.h:110
RpcServerListen
RPC_STATUS WINAPI RpcServerListen(UINT MinimumCallThreads, UINT MaxCalls, UINT DontWait)
Definition: rpc_server.c:1520
RpcServerRegisterIf
RPC_STATUS WINAPI RpcServerRegisterIf(RPC_IF_HANDLE IfSpec, UUID *MgrTypeUuid, RPC_MGR_EPV *MgrEpv)
Definition: rpc_server.c:1116
RpcServerUseProtseqEpW
RPC_STATUS WINAPI RpcServerUseProtseqEpW(RPC_WSTR Protseq, UINT MaxCalls, RPC_WSTR Endpoint, LPVOID SecurityDescriptor)
Definition: rpc_server.c:927
RPC_C_LISTEN_MAX_CALLS_DEFAULT
#define RPC_C_LISTEN_MAX_CALLS_DEFAULT
Definition: rpcdce.h:122
RPC_S_OK
#define RPC_S_OK
Definition: rpcnterr.h:22
RPC_STATUS
long RPC_STATUS
Definition: rpc.h:52

Variable Documentation

◆ EventLogSource

PEVENTSOURCE EventLogSource
extern

Definition at line 35 of file eventlog.c.

Referenced by CheckLogOrSourceExistence(), InstallEventSource(), LogfReportEvent(), and wmain().